web/quotes: require login for all pages
...except things under /accounts/, because I generally just trust that to do access control for me.
parent
7ec8e08ff0
commit
ee3299223a
5 changed files with 25 additions and 3 deletions
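--- a/web/quotes/quotesapp/middleware.py
+++ b/web/quotes/quotesapp/middleware.py
@@ -0,0 +1,15 @@
+from django.contrib.auth.decorators import login_required
+
+
+class LoginRequiredMiddleware:
+def __init__(self, get_response):
+self.get_response = get_response
+
+def is_open_url(self, path_info):
+return path_info.startswith('/accounts/')
+
+def __call__(self, request):
+if not self.is_open_url(request.path_info):
+return login_required()(self.get_response)(request)
+
+return self.get_response(request)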
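Review bot: `is_open_url` exempts every path that starts with `/accounts/`, so any view later mounted under that prefix is served to anonymous users without anyone deciding so; the urls.py hunk in this commit already adds one non-allauth view there (`accounts/logged_out/`). The class has no docstring, and it should state that exemption and that the middleware has to stay after `AuthenticationMiddleware` in `MIDDLEWARE`, because `login_required` reads `request.user`: `"""Redirect anonymous users to the login page for every path outside /accounts/; must run after AuthenticationMiddleware."""`. In `__call__` the decorated callable is rebuilt on every request; wrapping once in `__init__` with `self.protected = login_required(get_response)` and returning `self.protected(request)` should behave the same.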
|
@ -60,6 +60,7 @@ MIDDLEWARE = [
|
||||||
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
||||||
"django.contrib.messages.middleware.MessageMiddleware",
|
"django.contrib.messages.middleware.MessageMiddleware",
|
||||||
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
||||||
|
"quotes.quotesapp.middleware.LoginRequiredMiddleware",
|
||||||
]
|
]
|
||||||
|
|
||||||
ROOT_URLCONF = "quotes.quotesapp.urls"
|
ROOT_URLCONF = "quotes.quotesapp.urls"
|
||||||
|
|
|
@ -16,15 +16,14 @@ Including another URLconf
|
||||||
from django.contrib import admin
|
from django.contrib import admin
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.urls import include, re_path, path
|
from django.urls import include, re_path, path
|
||||||
|
from django.views.generic import TemplateView
|
||||||
|
|
||||||
import allauth.urls
|
import allauth.urls
|
||||||
import quotes.quotedb.urls
|
import quotes.quotedb.urls
|
||||||
|
|
||||||
# Monkeypatch the login_required decorator onto /admin.
|
|
||||||
admin.site.login = login_required(admin.site.login)
|
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path("admin/", admin.site.urls),
|
path("admin/", admin.site.urls),
|
||||||
path("accounts/", include(allauth.urls)),
|
path("accounts/", include(allauth.urls)),
|
||||||
|
path("accounts/logged_out/", TemplateView.as_view(template_name='account/logged_out.html')),
|
||||||
re_path(r"", include(quotes.quotedb.urls)),
|
re_path(r"", include(quotes.quotedb.urls)),
|
||||||
]
|
]
|
||||||
|
|
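Review bot: With the admin monkeypatch removed, the `from django.contrib.auth.decorators import login_required` line kept as context looks unused in the lines shown; if nothing outside the hunk uses it, it can be dropped. The new `accounts/logged_out/` route has no `name=`, while the template change in this commit hard-codes the same path in its hidden `next` field, so the two can drift apart. Naming the route, `path("accounts/logged_out/", TemplateView.as_view(template_name='account/logged_out.html'), name="logged_out")`, and using `{% url 'logged_out' %}` in the form would keep them in step.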
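--- a/web/quotes/templates/account/logged_out.html
+++ b/web/quotes/templates/account/logged_out.html
@@ -0,0 +1,6 @@
+{% extends "alert.html" %}
+
+{% block title %}Logged out{% endblock %}
+
+{% block content_title %}Logged <span class="text-bfobOrange">Out</span>{% endblock %}
+{% block content_text %}Bye, I guess.{% endblock %}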
|
@ -24,6 +24,7 @@
|
||||||
{% if user.is_authenticated %}
|
{% if user.is_authenticated %}
|
||||||
<form action="/accounts/logout/" method="POST">
|
<form action="/accounts/logout/" method="POST">
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
|
<input type="hidden" name="next" value="/accounts/logged_out/">
|
||||||
<button type="submit" class="px-4 py-1 rounded-full text-sm border border-bfobOrange text-bfobOrange hover:border-transparent hover:bg-bfobOrange hover:text-bfobGray-dark">Logout</button>
|
<button type="submit" class="px-4 py-1 rounded-full text-sm border border-bfobOrange text-bfobOrange hover:border-transparent hover:bg-bfobOrange hover:text-bfobGray-dark">Logout</button>
|
||||||
</form>
|
</form>
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|